cloudstack-dev mailing list archives

From Murali Reddy <>
Subject Re: [DISCUSS] Palo Alto Integration
Date Tue, 02 Apr 2013 06:42:20 GMT
The 'Network' has a life cycle associated with it. A network goes from the 'allocated' state (after
the design phase) to 'implemented' (after the implement phase). Unless a network is implemented,
it is not ready for use in the 'isolated network' case. Only after a network is implemented does it
get full identity. Can you please deploy a VM into the network and confirm you see that non-overlapping
CIDRs are allocated? you see is the default CIDR a network gets after the design phase,
which will be replaced once the network is implemented.

From: Will Stevens <<>>
Date: Tuesday, 2 April 2013 12:33 AM
Subject: Re: [DISCUSS] Palo Alto Integration

So I have been stepping through the code and I can confirm that the 'design' method of ExternalGuestNetworkGuru
is being hit, but it doesn't do anything, so it passes off work of creating the network to
the 'design' method of GuestNetworkGuru which assigns<>
to the network every time I create a network.

Something I am finding strange is that 'config.getId()' gives -1, so the new network that
is being created while in the 'design' method of ExternalGuestNetworkGuru does not hit the
only logic in the function:

NetworkVO config = (NetworkVO), plan, userSpecified, owner);
if (config == null) {
    return null;
} else if (_networkModel.networkIsConfiguredForExternalNetworking(plan.getDataCenterId(),
config.getId())) {
    /* In order to revert userSpecified network setup */

So the config.setState(State.Allocated) is not getting hit.

There does seem to be some logic for updating the cidr in the 'implement' function of ExternalGuestNetworkGuru,
but that is not run until a VM is added to the network (from what I understand), so that is
a bit strange to me.

Are the non-overlapping cidrs implemented only when a VM is added to the network and the same
placeholder cidr is used until then?



On Mon, Apr 1, 2013 at 11:22 AM, Will Stevens <<>>
Thank you for all your help Murali...

So my Provider has been set up with isExternal = true this whole time.
public static final Provider PaloAlto = new Provider("PaloAlto", true);

If I run a debugger and then create a guest network, I see it enter the 'design' function
of the ExternalGuestNetworkGuru, but it does not do anything in there because the config is
not null, but the config.getId() = -1, so it just returns the config (Network object) and
doesn't really do anything.

Apparently the 'implement' method doesn't get called until a VM is attempted to be launched
on the network.

I must be missing something because every Isolated guest network I create on my provider
is defaulting to the cidr of<>.  Even if I have multiple
Isolated networks associated with the same account, they all by default have that cidr.

If the default behaviour of the ExternalGuestNetworkGuru is to create non-overlapping guest
cidrs, why does it always default to the<> cidr when I
create a new network?  I can not specify a gateway or netmask because it is an external network
(as you can see from the included screenshot).
[Inline image 1]

What am I missing here?  Why am I unable to create non-overlapping cidrs with the ExternalGuestNetworkGuru?



On Fri, Mar 29, 2013 at 1:23 AM, Murali Reddy <<>>
On 28/03/13 10:59 PM, "Will Stevens" <<>>

>I am trying to implement the non-overlapping cidrs right now and I have
>some questions.  Does the ExternalGuestNetworkGuru create networks with
>non-overlapping cidrs by default?  Or do I need to override its 'design'
>and 'implement' methods to implement non overlapping cidrs?

Will, yes, it does by default. You can just use
'ExternalGuestNetworkGuru'. Just so that you know, there is a check
'networkIsConfiguredForExternalNetworking' in ExternalGuestNetworkGuru,
which basically checks if the provider is configured as a service provider using
external physical appliances. So when you declare the provider, mark
'isExternal' as true in the provider constructor.

>If I have to write my own methods, I think I understand how to
>override ExternalGuestNetworkGuru and then get it to run by adding it to
>the components.xml (or nonoss-components.xml) as well as the
>If I do not have to actually write the logic for the non-overlapping cidrs
>(which I am hoping is the case), and the ExternalGuestNetworkGuru actually
>implements that logic, how would I get the ExternalGuestNetworkGuru into
>flow without actually overriding the class?  I understand that the
>components are loaded through the components.xml stuff, but it's not clear
>how you specify which NetworkGuru should be used in my specific flow.
>I am basically working from this
>the code.  Are there any other resources I should be aware of for
>extending the CloudStack networking functionality?
>I have a good start on a Resource, ExternalFirewallElement and an
>ExternalFirewallService.  I can currently set the Palo Alto as the
>of Firewall, SourceNat, StaticNat and Port Forwarding services.  I can
>currently Add, List, Configure and Delete my Palo Alto provider.
>I am getting there, but I still feel like there are gaps in my knowledge
>when using the CS networking plugin functionality.

Good to hear the progress. Feel free to ask any question.


